Firewall Wizards mailing list archives

Re: Scare Me !!


From: Ken Hardy <ken () bridge com>
Date: Fri, 11 Jun 1999 14:23:23 -0500 (CDT)

I got a call from someone concerned that I was giving away my
(weak) security profile.  Fortunately, that's not the case; I
was saying what some people think, not what we've got
implemented (though I suppose this disclaimer won't stop the
script-kiddies from trying.)

I may have been overly dramatic in my examples, but it's a fact
that I'm constantly dealing w/ folks who don't understand the
battlefield.  Getting them to recognize that there's a war is
what I'm after.

The SANS Institute looks better than the last time I checked it
out.  (Or maybe it's not the same site I'm thinking of.)  I
might put together a page with links to that as well as to
phrack, 2600, rootshell, &c.  Any further suggestions along
those lines (or better) are still appreciated.

  - KH




On Thu, 10 Jun 1999, Ken Hardy wrote:

I need to induce a healthy respect for Internet dangers into
some folks around here.  I know the dangers, or enough of them,
but it's wearing to try to educate one after another exec,
network tech, etc.

In addition to the regular sort of security literature, a list
of real-life (or very possible) security incidents that could
help foster a healthy respect for the potential dangers might
be real useful.  An internet shop of horrors website, perhaps.
I'd appreciate anything useful in this regard.

I'm trying to reach the sort of people who think that a) we
have a firewall so we're safe; b) a packet filter is a firewall
(even if all ports >1024 are open!); c) desktop modems are
nothing to worry about; d) we *need* to support the
impossible-to-defend protocols of the latest whiz-bang internet
app through the firewall; e) policy?  we don't need no stinkin'
policy; f) etc., etc., etc.

 -- KH





